diff --git a/clients/cli/common.c b/clients/cli/common.c index b5e684cecb..452f04f624 100644 --- a/clients/cli/common.c +++ b/clients/cli/common.c @@ -17,6 +17,7 @@ #include "nm-vpn-helpers.h" #include "nm-client-utils.h" +#include "nm-glib-aux/nm-secret-utils.h" #include "utils.h" @@ -732,7 +733,7 @@ get_secrets_from_user (const NmcConfig *nmc_config, /* No password provided, cancel the secrets. */ if (!pwd) return FALSE; - g_free (secret->value); + nm_free_secret (secret->value); secret->value = pwd; } return TRUE; @@ -1005,7 +1006,7 @@ nmc_readline_echo (const NmcConfig *nmc_config, va_list args; gs_free char *prompt = NULL; char *str; - HISTORY_STATE *saved_history; + nm_auto_free HISTORY_STATE *saved_history = NULL; HISTORY_STATE passwd_history = { 0, }; va_start (args, prompt_fmt); @@ -1018,6 +1019,10 @@ nmc_readline_echo (const NmcConfig *nmc_config, if (!echo_on) { saved_history = history_get_history_state (); history_set_history_state (&passwd_history); + /* stifling history is important as it tells readline to + * not store anything, otherwise sensitive data could be + * leaked */ + stifle_history (0); rl_redisplay_function = nmc_secret_redisplay; } diff --git a/clients/cli/devices.c b/clients/cli/devices.c index 0a7339bc2c..a23113339c 100644 --- a/clients/cli/devices.c +++ b/clients/cli/devices.c @@ -18,6 +18,7 @@ #include "utils.h" #include "common.h" #include "connections.h" +#include "nm-glib-aux/nm-secret-utils.h" /* define some prompts */ #define PROMPT_INTERFACE _("Interface: ") @@ -3639,7 +3640,7 @@ finish: if (bssid2_arr) g_byte_array_free (bssid2_arr, TRUE); g_free (ssid_ask); - g_free (passwd_ask); + nm_free_secret (passwd_ask); return nmc->return_value; } diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index b0b96f9957..6032053bbb 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -13,6 +13,7 @@ #include "nm-utils-private.h" #include "nm-setting-private.h" #include "nm-setting-wireless.h" +#include "nm-glib-aux/nm-secret-utils.h" /** * SECTION:nm-setting-wireless-security @@ -1316,33 +1317,33 @@ set_property (GObject *object, guint prop_id, priv->leap_username = g_value_dup_string (value); break; case PROP_WEP_KEY0: - g_free (priv->wep_key0); + nm_free_secret (priv->wep_key0); priv->wep_key0 = g_value_dup_string (value); break; case PROP_WEP_KEY1: - g_free (priv->wep_key1); + nm_free_secret (priv->wep_key1); priv->wep_key1 = g_value_dup_string (value); break; case PROP_WEP_KEY2: - g_free (priv->wep_key2); + nm_free_secret (priv->wep_key2); priv->wep_key2 = g_value_dup_string (value); break; case PROP_WEP_KEY3: - g_free (priv->wep_key3); + nm_free_secret (priv->wep_key3); priv->wep_key3 = g_value_dup_string (value); break; case PROP_WEP_KEY_FLAGS: priv->wep_key_flags = g_value_get_flags (value); break; case PROP_PSK: - g_free (priv->psk); + nm_free_secret (priv->psk); priv->psk = g_value_dup_string (value); break; case PROP_PSK_FLAGS: priv->psk_flags = g_value_get_flags (value); break; case PROP_LEAP_PASSWORD: - g_free (priv->leap_password); + nm_free_secret (priv->leap_password); priv->leap_password = g_value_dup_string (value); break; case PROP_LEAP_PASSWORD_FLAGS: @@ -1392,12 +1393,12 @@ finalize (GObject *object) g_free (priv->key_mgmt); g_free (priv->auth_alg); g_free (priv->leap_username); - g_free (priv->wep_key0); - g_free (priv->wep_key1); - g_free (priv->wep_key2); - g_free (priv->wep_key3); - g_free (priv->psk); - g_free (priv->leap_password); + nm_free_secret (priv->wep_key0); + nm_free_secret (priv->wep_key1); + nm_free_secret (priv->wep_key2); + nm_free_secret (priv->wep_key3); + nm_free_secret (priv->psk); + nm_free_secret (priv->leap_password); g_slist_free_full (priv->proto, g_free); g_slist_free_full (priv->pairwise, g_free);